Qubes on a laptop or a desktop: which is more secure?

One argument I can see for laptops is that they are an integrated unit that doesn’t depend on a host of external devices. For example, they have integrated keyboards, trackpads, and screens. It’s entirely feasible to not have a sys-USB. However, how the idiosyncracies in how components are wired together can lead to passthrough issues or worse (e.g. @alzer89 mentioned that some MacBooks have the keyboard, trackpad, bluetooth, wifi and more on the same bus).

One argument I can see for desktops is that they don’t tend to travel around and are harder to access or steal, and suspect components can be quickly swapped out. Howeber, on top of lacking portability, desktops also require a far wider trust base since components and external devices tend to be from a constellation of manufacturers.

If you were to build the ultimate secure workstation (whatever that means to you), would it be a laptop or a desktop? Why?

Let’s assume both are trusted machines…

It seems that a laptop is easier to keep in one’s possession, protect from physical threats, transport and utilize in more contexts for greater tactical advantage and through more networks for greater privacy advantage.

One of the most common threats to privacy is the user accessing the internet from personally associated networks. Desktops are generally anchored to single locations resulting in less network diversification. They are often left unattended and unprotected. Laptops can easily be put in a safe if they need to be left unattended.

If the user can only choose desktop or laptop for a computer, the desktop user will likely be using a mobile device on the road which tend to be less secure than a computer running Qubes - so the laptop user would be less inconvenienced making more secure choices on the road.

To be fair, the desktop has greater potential for hardware compartmentalization… separate controllers for various devices instead of many things being controlled by just a few PCI controllers. Not to mention a greater selection of components that are more robust, with better specs.

But I think the laptop wins by a pretty large margin.

1 Like

Are there any use-cases or threat models in which desktops win by a large margin?

I was just thinking about that.

Maybe a server? Situations that require the most robust builds with processor speed, large amounts of RAM and drive space, etc. Something capable of storing and serving large amounts of data, running resource intensive software and/or managing high end surveillance systems & smoothly scrubbing through 4k video feeds. Something secured in a vaulted safe room with Tempest rated infrastructure and shielded network and power lines. A room with exotic firearms mounted on the walls and extremely beautiful women with advanced degrees from MIT assisting with day to day operations. Something like that.


I hope my humor is appreciated… I suppose there could be room for misinterpreting me. :smile:

1 Like

I don’t understand how you can consider a room secure without sharks with frickin’ lasers attached to their heads.


On a slightly more serious note, you might be interested in the specifications for a SCIF. Apparently the president goes around with a tent SCIF–I’d love to get my hands on one of those.




The “ultimate secure workstation” would be one that has only open components, is fully auditable and has physical and logical tamper detection. That machines doesn’t exist unfortunately.

So we have to work with approximations. First we need a disabled ME, and established root of trust. In other words: heads. That in turn shrinks our options down to a very small number of boards, unless you have the time and energy to port heads. It can be done as the heads community demonstrates.

Before this pandemic my job required frequent travel (~50% of the time), but it is clear now these times never come back: good riddance! I for one won’t miss all the lifetime wasted in airports, rental cars, restaurants and hotels. It sounds cool to some, but it get’s old really fast. So a desktop would be a real possibility.

In this context I have high hopes for Qubes AIR. Not to use it over the internet with hardware owned by someone else, but as a local cluster of trusted (probably older) machines. Imagine a rack of 4 or more T430’s connected to each other via Ethernet. :slight_smile: … that would be 64 GB of RAM, 16 cores while not compromising on the root of trust.

That’s not a laptop anymore, but also not a desktop. It would be a cluster. I can’t wait. :slight_smile:

1 Like

How about this one? Cannot run Qubes, but I guess it goes in the right direction?

1 Like

It is definitely appreciated. :grin:

That sounds like Google’s headquarters in Turkmenistan.

I hope my humour is appreciated too.

1 Like

A post was merged into an existing topic: What would ideal hardware for Qubes look like?

Already did it:

1 Like

You can quote though:

alzer89 wrote:
1 Like

That works too, thanks.

I’ll continue the rant here. :stuck_out_tongue:

Unfortunately, as I’ve been discovering recently, quite a lot of “high-end” hardware is incredibly proprietary.

I can already sense a lot of people saying “Really? No sh*t, Sherlock…”, so let me clarify :laughing:

I’ve recently inherited a fair amount of “gaming” machines (many of which are missing key parts), and I’m in the process of upgrading them in preparation for turning them into servers.

Out of 15 machines, I’ve only so far managed to get 3 to post. As for the rest, troubleshooting is an absolute nightmare.

In other cases, for example, when a dedicated CPU fan is not present, I can’t seem to be able to tell the BIOS to throttle the CPU, so it doesn’t overheat. But I can’t do that without getting the machine to actually post, so it’s a vicious cycle :rofl:

So, not only is it frustrating to be told by your machines “I’m sorry, Dave, I’m afraid I can’t do that…”, it also makes you wonder what else the BIOS might be doing…

Flashing the BIOS doesn’t appear to be a viable option, unless I want to lose a whole bunch of functionality :disappointed_relieved:

It’s like being a manager, and having an employee who’s “untouchable” (maybe the director’s son/daughter or something…), and you know you can’t fire them, even though you so desperately want to… :unamused:

There’s always a trade-off when you are trying to use a device for a use case it wasn’t specifically designed for… :sleepy:

1 Like